Full Disclosure mailing list archives
Re: os x 10.2.x has 8 character password limit
From: "Kurt Seifried" <listuser () seifried org>
Date: Mon, 24 Nov 2003 19:30:03 -0700
When computing power/storage was at a premium things like crypt() worked fine, if you'd suggested a multi-gigabyte table of crypt()'ed dictionary words most people would have said "nice, but not doable right now". Well the times, they change. Now many versions of UNIX use PAM, pluggable authentication modules. An article I wrote for sysadmin magazine a while ago covers PAM: http://www.samag.com/documents/s=1161/sam0009a/0009a.htm The thing with PAM is you have much more flexibility in your authentication backend, once an application is PAM'ified (basically all are now) you can use whatever you want, as long as PAM supports it (and PAM supports most anything). This has lead to MD5/etc hashes rather then crypt(), which provides the ability to use much longer passwords, or things like smartcards/biometrics/radius/kerberos/etc (without having to tear apart the program doing the authentication to insert support). Now according to Apple's docs, such as: http://www.apple.com/macosx/pdfs/MacOSX_for_UNIX_users_TB.pdf Mac OS X supports PAM. According to some other docs you can stipulate the password length in Mac OS X 10.2 and up, perhaps they use a default of 8 characters since "that's how UNIX used to work". My Mac's are all off for the night, or I'd make an attempt to look at the actual password storage to see how it is kept. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- os x 10.2.x has 8 character password limit S . f . Stover (Nov 24)
- Re: os x 10.2.x has 8 character password limit Randal L. Schwartz (Nov 24)
- Re: os x 10.2.x has 8 character password limit S . f . Stover (Nov 24)
- Re: os x 10.2.x has 8 character password limit Brett Hutley (Nov 24)
- Re: os x 10.2.x has 8 character password limit Kurt Seifried (Nov 24)
- Re: os x 10.2.x has 8 character password limit S . f . Stover (Nov 25)
- Re: os x 10.2.x has 8 character password limit S . f . Stover (Nov 24)
- Re: os x 10.2.x has 8 character password limit Randal L. Schwartz (Nov 24)
- Re: os x 10.2.x has 8 character password limit vb (Nov 25)
- Re: os x 10.2.x has 8 character password limit adf--at--Code511.com (Nov 25)
- <Possible follow-ups>
- Re: os x 10.2.x has 8 character password limit Gregory A. Gilliss (Nov 25)